Related Posts

Earlier this month, the FTC announced a settlement with Goldenshores Technologies, the developer behind Brightest Flashlight Free, a popular flashlight app for Android. The app allows the user to keep the camera flash and screen illuminated so that it functions like a flashlight. Pretty useful, but there was one small problem: the app also transmitted the phone’s geolocation and device identifier to third parties without notice to users in the privacy policy or the app’s promotional pages.

Earlier this week, 37 state attorneys general announced a $17 million settlement with Google for placing third-party cookies on Safari browsers in violation of Safari’s privacy settings. These allegations aren’t new — privacy researcher Jonathan Mayer uncovered this practice over two years ago, and the Federal Trade Commission has already reached its own $22.5 million settlement with the company for the same behavior. Usually, I don’t like seeing states expend time and effort to replicate cases that the FTC has already prosecuted (and vice versa). There’s no shortage of potential privacy investigations out there; why retread the same ground?

Summer’s just around the corner, so imagine you’re setting off on vacation. When you give your name and credit card to a hotel front desk clerk, you probably expect them to keep that sensitive information about you under lock and key. You probably don’t imagine that this personal information would be easily available to malicious hackers.
But unfortunately for customers of the Wyndham Hotel chain and its affiliates, that hasn’t always been the case. Between 2008 and 2010, the risk of data breaches was unacceptably high. On three separate occasions, third parties attackers circumvented Wyndham’s security systems and accessed credit card information. The FTC filed a complaint against Wyndham in 2012 alleging that the company’s security practices — including failing to encrypt payment data and the use of default logins and passwords — constituted unfair and deceptive practices under the FTC Act.

We’ve blogged before about the practice of browser history sniffing — web developers using a bug in certain browsers to see what other sites a user had been to. We don’t like the practice, and we think it’s probably illegal. Last week, Stanford researcher Jonathan Mayer revealed that he had found…